There aren’t many places where you can see the gray space between the good guys and the bad guys in the cybercrime wars. But the Black Hat and Defcon conferences coming up this week in Las Vegas are a study in contrasts where criminal hackers and Feds can stare each other down.

The two conferences, both started by one-time hacker Jeff Moss, are attended by an unusual assortment of federal agents, corporate security professionals, anti-malware companies, “good guy” hackers and criminal elements who write viruses or steal identities online. They’re all there under the auspices of “know thy enemy.”

Defcon, attended largely by counterculture hackers, is in its 15th year at the somewhat down-scale Riviera Hotel in Las Vegas. Black Hat, aimed more at the corporate folks at the swanky Caesar’s Palace, is in its 11th year. Black Hat draws a more elite crowd of 3,400 who pay its higher fees, while Defcon draws 5,000 to 10,000 people who shell out just $100.

But there is a lot of gray, since these conferences are kind of a neutral territory in the cat and mouse game between “white hats” and “black hats.” Because there are so many corporate and government enforcers present, it’s not the best place for criminal hackers to pull off crimes or brag about their exploits. (Still, I may not be blogging as much from any unprotected wireless Internet locations or asking my neighbors to keep an eye on my laptop).

Moss, a 37-year-old who started hacking at age 13 so he could make free phone calls, said he likes the contrast between the conferences because both sides know they can make themselves understood to the other.

The topics that are drawing everyone together are heavy duty. They include the latest “hacks,” or unauthorized security compromises, of Apple’s new iPhone. Other topics are the latest vulnerabilities of Windows Vista, satellite navigation systems, and radio frequency identification tags. The Black Hat talks often give details of what vulnerabilities exist and what the consequences are, but they do not always include step-by-step recipes.

Heavyweight speakers include former National Security Council adviser Richard Clarke, Tony Sager, an operations chief at the National Security Agency, encryption expert Phil Zimmermann, and Bruce Schneier, founder of the security firm Counterpane.

Moss said in an interview there is a huge difference between the conferences of today and those of the past.

“Now we are dealing with the large problem of organized crime,” he said. “These are completely different threats.”

Another topic that will be hot is the online attacks that occurred between Estonia and Russia earlier this year, an event that many deemed the first instance of nations engaging in a “cyber war.” During April, cyberattacks that allegedly originated in Russia brought down a number of Estonian government and banking sites on the Internet.

“We knew this would happen, where nation states and non-traditional terrorist organizations would make use of these tools for electronic war,” said Jim Christy, director of futures exploration for the Department of Defense’s Cyber Crimes Center, who has been going to Defcon for nine years.

This is one of those conferences where even attending makes a statement, Christy said. One of his goals is to recruit for the good guys, not by going after talented “black hats” but by intercepting young hackers before they turn criminal.

At least one security professional I know boycotts even Black Hat, let alone Defcon, since he doesn’t want to be associated with the “darker elements” of the industry. But another, Oliver Friedrichs, director of emerging technologies for Symantec’s Security Response team, says it’s valuable for him to go to Black Hat to catch up on research about threats, which is what the conference is all about. But he added, “I won’t be having dinner with any virus writers.”

More in News

SAN JOSE -- Grenades were discovered at an estate sale Monday, prompting the evacuation of about 10 homes near the San Jose Country Club, according to the Santa Clara County Sheriff's Office. Deputies were called to the 300 block of Gordon Avenue, near Greenside Drive, about 4:10 p.m., said Sgt. Rich Glennon. Get breaking news with our free mobile app....